CVE-2022-38020: Visual Studio Code Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.3)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Sep

Released

2022-09-13

EPSS Score

2.19% (percentile: 84.4%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have be enticed to open a malicious file in a directory. Users should never open anything that they do not know or trust to be safe. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute code in the context of another Visual Studio Code user on the vulnerable system.

Affected Products (1)

Developer Tools

• Visual Studio Code

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="https://www.iie.ac.cn/">VARAS@IIE</a>

Revision History

• 2022-09-13: Information published.